Practice Free FCP_FWB_AD-7.4 Exam Online Questions
Which implementation is best suited for a deployment that must meet compliance criteria?
- A . SSL Offloading with FortiWeb in reverse proxy mode
- B . SSL Inspection with FortiWeb in Transparency mode
- C . SSL Offloading with FortiWeb in Transparency Mode
- D . SSL Inspection with FortiWeb in Reverse Proxy mode
When configuring threat mitigation features for a web application, what is the primary purpose of rate limiting?
- A . Preventing brute force attacks
- B . Identifying malicious IP addresses
- C . Encrypting sensitive data
- D . Optimizing web server performance
What is the primary purpose of configuring content compression in application delivery? (Select all that apply)
- A . Reducing bandwidth consumption
- B . Enhancing security by encrypting content
- C . Accelerating content loading for users
- D . Preventing unauthorized access to web pages
A client is trying to start a session from a page that should normally be accessible only after they have logged in.
When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)
- A . Allow the page access, but log the violation
- B . Prompt the client to authenticate
- C . Reply with a "403 Forbidden" HTTP error
- D . Automatically redirect the client to the login page
- E . Display an access policy message, then allow the client to continue, redirecting them to their requested page
Refer to the exhibit.
How does FortiWeb generate this support vector machine (SVM) model?
- A . It is constantly updated through observed traffic after the ML model has been built by FortiWeb.
- B . It uses data received during the collection phase of the machine learning (ML) process.
- C . It downloads information periodically from FortiGuard.
- D . It uses the XML file imported by the administrator.
Which is true about HTTPS on FortiWeb? (Choose three.)
- A . Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to only offer TLS 1.2.
- B . In true transparent mode, the TLS session terminator is a protected web server.
- C . In transparent inspection mode, you select which certificate that FortiWeb will present in the server pool, not in the server policy.
- D . For SNI, you select the certificate that FortiWeb will present in the server pool, not in the server policy.
- E . After enabling HSTS, redirects to HTTPS are no longer necessary.
Which action must you take with your FortiWeb logs to ensure Payment Card Industry Data Security Standard (PCI DSS) compliance?
- A . Keep all log files for at least one year.
- B . Store logs, unencrypted, in an off-site location for regulators to access.
- C . Erase all logs every two weeks.
- D . Encrypt all log and configuration files on an offline server.
When configuring access control methods for web application users, which options should be considered for tracking and auditing user actions? (Select all that apply)
- A . Session logs
- B . Authentication logs
- C . Web server logs
- D . Error logs
How can you mitigate attacks on authentication processes in a web application? (Select all that apply)
- A . Implement multi-factor authentication (MFA)
- B . Use secure password hashing algorithms
- C . Disable all authentication mechanisms
- D . Implement account lockout policies
Review the following configuration:
What are two routing behaviors that you can expect on FortiWeb after this configuration change? (Choose two.)
- A . Non-HTTP traffic routed through the FortiWeb is allowed.
- B . IPv6 routing is enabled.
- C . Non-HTTP traffic destined to the FortiWeb virtual server IP address is dropped.
- D . Only ICMP traffic is allowed. All other traffic is dropped.
A, C
Explanation:
FortiWeb is primarily designed to handle HTTP and HTTPS traffic, protecting web applications from various threats. By default, when operating in reverse proxy mode, FortiWeb does not forward non-HTTP/HTTPS protocols to protected servers. However, administrators can configure FortiWeb to handle non-HTTP/HTTPS traffic differently using the config router setting command. This command allows enabling IP-based forwarding (routing) for non-HTTP/HTTPS traffic. When enabled, FortiWeb can route non-HTTP traffic through itself to the appropriate backend servers.
Despite this capability, any non-HTTP/HTTPS traffic that is destined directly for a FortiWeb virtual server IP address is dropped. This means that while FortiWeb can be configured to forward non-HTTP/HTTPS traffic to backend servers, it will not process non-HTTP/HTTPS traffic targeted at its own virtual server IPs.
Regarding IPv6 routing, FortiWeb does support IPv6 in various operation modes, including reverse proxy, offline inspection, and transparent inspection. However, enabling IPv6 routing requires specific configurations and is not automatically enabled by default.